
Comment Re:OpenWRT support (Score 2) 148

I don't suppose they're also going to ban Cisco and Netgear: US confirms takedown of China-run botnet targeting home and office routers: "KV targets Cisco and Netgear"

Over and over, including with TP-Link, you find two common threads: (1) default/weak passwords, and (2) unpatched firmware. I haven't found a single reference to an attack that accused or implied that TP-Link intentionally installed backdoors to allow APTs to gain control. The problem is that consumers don't change their password or patch their firmware.

"According to security firm Fortinet, Dark.IoT operators are most likely using default passwords to access devices and use Kamilló's bug to gain full control over unpatched TP-Link TL-WR840N routers." -- https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Ftherecord.media%2Ftp-lin...

"While the vulnerability was removed from later versions of this router model's firmware, Neumann said that thousands of devices had been available online at the time, many of which have remained unpatched, even to this day." -- https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Ftherecord.media%2Fbotnet...

"We are unsure how the attackers managed to infect the router devices with their malicious implant. It is likely that they gained access to these devices by either scanning them for known vulnerabilities or targeting devices that used default or weak and easily guessable passwords for authentication." -- https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fblog.checkpoint.com%2Fse...

Submission + - Samba gets funding from the German Sovereign Tech Fund.

Jeremy Allison - Sam writes: The Samba project has secured significant funding (€688,800.00) from the German
Sovereign Tech Fund (STF) to advance the project. The investment was
successfully applied for by SerNet. Over the next 18 months, Samba developers
from SerNet will tackle 17 key development subprojects aimed at enhancing
Samba’s security, scalability, and functionality.

The Sovereign Tech Fund is a German federal government funding program that
supports the development, improvement, and maintenance of open digital
infrastructure. Their goal is to sustainably strengthen the open source
ecosystem.

The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX
extensions, SMB-Direct, Performance and modern security protocols such as SMB
over QUIC. These improvements are designed to ensure that Samba remains a
robust and secure solution for organizations that rely on a sovereign IT
infrastructure. Development work began as early as September the 1st and is
expected to be completed by the end of February 2026 for all sub-projects.

All development will be done in the open following the existing Samba
development process. First gitlab CI pipelines have already been running [4]
and gitlab MRs will appear soon!

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fsamba.plus%2Fblog%2Fdetail...

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.sovereigntechfund....

Comment Re:With enough dimensions you can fit anything (Score 2) 104

50/50: Either we are or we aren't?

Think of it this way: we're getting pretty close to making a very realistic simulation. If you can imagine that we will be able to make a simulation, then it's natural to assume that, eventually, the simulation will be able to make a simulation. And that simulation can make a simulation. In addition, if we can make a single-layer simulation, we can make multiple copies of that simulation. So given an unknown number of possible simulated universes, the odds are increasingly unlikely that you are in the "top" level non-sim real universe.

Comment Re:Plus its a fraud (Score 1) 137

I have no issue with it taking a reasonable time. But this complaint is now decades old. They've had government handouts to provide better rural access based on fees for the entirety of the century so far IIRC or close enough.
And we've been paying the fees for that long. So if that money hasn't been used for what I paid for I want it back.

Comment Re:forgot to mention... (Score 4, Informative) 87

OpenAI started casting for voice actors in May 2023. They hired the actress in June 2023. The actress who recorded Sky said they asked her to use her natural voice, never referenced the movie Her, and that no one ever told her she sounded like Scarlett Johansson.

In September 2023, they both released Sky and asked Scarlett Johansson if she wanted to record her voice. She said no. Skip ahead to May 2024 and the release of 4o, and Altman asks Scarlett again. Sky was already in use for more than half a year when the hype of 4o made everyone focus on the voice.

When Scarlett complained, they took down the voice.

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.washingtonpost.com...

Comment Re:Maybe (Score 1) 104

The upstream Linux kernel doesn't differentiate between security bugs and "normal" bug fixes. So the new kernel.org CNA just assigns CVEs to all fixes. They don't score them.

Look at the numbers from the whitepaper:

"In March 2024 there were 270 new CVEs created for the stable Linux kernel. So far in April 2024 there are 342 new CVEs:"

Comment Re:Yeah (Score 1) 104

Yes! That's exactly the point. Trying to curate and select patches for a "frozen" kernel fails due to the firehose of fixes going in upstream.

And in the kernel many of these could be security bugs. No one is doing evaluation on that, there are simply too many fixes in such a complex code base to check.

Comment Re:Maybe (Score 1) 104

You're missing something.

New bugs are discovered upstream, but the vendor kernel maintainers either aren't tracking, or are being discouraged from putting these back into the "frozen" kernel.

We even discovered one case where a RHEL maintainer fixed a bug upstream, but then neglected to apply it to the vulnerable vendor kernel. So it isn't like they didn't know about the bug. Maybe they just didn't check the vendor kernel was vulnerable.

I'm guessing management policy discouraged such things. It's easier to just ignore such bugs if customers haven't noticed.
